i might have a stupid question here, but i'm trying to recreate this one and i'm a bit confused why you need both LastReCAPTCHAUserResponse (string) and LastReCAPTCHAServerStatus (boolean)?
i have so far created webhook, mapped sucess to the server status and even managed to receive correct response
my server status is TRUE, according to your suggestion, which means that i have validaded the CAPTCHA
i've timestamped the date and the form ID
so far i've used all fields you mention but the actual LastReCAPTCHAUserResponse
am i missing something vital here? where should this go?
LastReCAPTCHAUserResponse is for the end-user fingerprint (generated in the browser, added to the form). You have to be using some field for this, maybe you already had one and thus can skip LastReCAPTCHAUserResponse.
I don't know if this could help you, but in our company every Marketo form is followed up by an automatic, operational email (Thank you email) to validate the email address. In case the spambot is not using a valid email address, you can create a, lets say, daily scheduled smart-campaign, which it will take every contact created through that form, that never received the "thank you" email (Was Sent Email + Not Was Delivered Email) and make Marketo to add them automatically to a list, or directly delete them.
This is also useful when you want to share an asset (like a brochure pdf, a link to a report or intelligence, etc), so you make sure that no one will fill the form with "firstname.lastname@example.org" and receive the asset.
Again, I don't know if this solution will be suitable for your business model, but I hope it will help you
Implementing Google Recaptcha may not be a great idea. We implemented this on our website, and start running into issues. Since we target executives, captcha created a very bad user experience for our audience. We saw a sharp dip in our conversions for many of our campaigns. In fact, in China, the captcha didn't work at all and caused many issues. In the end, we decide to remove the captcha, and put some backend checks in place to ensure that the spam leads are not sent to the reps, and we clean them regularly.
Yeah, China is definitely a unique situation for captchas. You're better off using a locally-hosted solution such as BotDetect (which is among many things you have to think to de-Google). That said, I really think long term the solution to this problem is going to lean towards using some combination of DNSBLs (Spamhaus, StopForumSpam, Akismet, etc. I've also recently used CleanTalk in a non-Marketo context and have been impressed thus far) and/or creating some sort of collective marketing automation blacklist database. At the end of the day, that's really all noCAPTCHA is doing--it's just maintaining a giant blacklist.